OpenSSL < 0.9.8j Signature Spoofing

Medium Nessus Plugin ID 17762

Synopsis

The remote server is affected by a signature validation bypass vulnerability.

Description

According to its banner, the remote server is running a version of OpenSSL earlier than 0.9.8j. A remote attacker could carry out a man-in-the-middle attack by forging an SSL/TLS signature that uses DSA and ECDSA keys, which bypasses validation of the certificate chain.
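The banner comparison described above depends on OpenSSL's legacy letter-suffix versioning, which plain string or numeric comparison gets wrong. The following is an added example, not the plugin's own code; the function names and sample banners are constructed for illustration.

```python
import re

# Legacy OpenSSL version token as it appears in server banners, e.g. "OpenSSL/0.9.8g".
_VERSION_RE = re.compile(
    r"OpenSSL[/ ](\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z])(?:-(beta|pre)\d+)?",
    re.IGNORECASE,
)
FIXED_RELEASE = "OpenSSL/0.9.8j"  # first unaffected release per the advisory text


def version_key(text):
    """Return a sortable tuple for the OpenSSL version found in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letters = m.group(4).lower()
    # Patch letters order as "" < a < ... < z < za < zb, so compare length first.
    # A -beta/-pre tag sorts before the final release of the same version.
    is_final = 0 if m.group(5) else 1
    return (major, minor, patch, len(letters), letters, is_final)


def banner_is_affected(banner):
    """True if older than 0.9.8j, False if not, None if no version is advertised."""
    key = version_key(banner)
    if key is None:
        return None
    return key < version_key(FIXED_RELEASE)


# Constructed sample banners (not taken from any real host).
SAMPLES = [
    "Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8g DAV/2",
    "Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8j",
    "Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5",
    "Apache/2.2.27 (Unix) OpenSSL/0.9.8za",
    "nginx/1.4.6",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(banner_is_affected(banner), banner)
```

A `True` result reflects only the advertised version string. Distribution packages that backport fixes keep the upstream version in the banner, so confirm a finding against the installed package's changelog.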